CVE-2020-17530 | Apache Struts Remote Code Execution Vulnerability Advisory

Published 2020-12-08


0x00 Vulnerability Overview

CVE ID: CVE-2020-17530

Date: 2020-12-08

Type: RCE

Severity: High

Remotely exploitable: Yes

Affected scope: Apache Struts 2.0.0 - 2.5.25

 

0x01 Vulnerability Details


Apache Struts 2 is an open-source web framework for developing Java EE web applications. It uses and extends the Java Servlet API and encourages developers to adopt the MVC architecture.

On December 8, 2020, Apache published a security advisory: Struts contains a remote code execution vulnerability (CVE-2020-17530).

Under certain conditions Struts may contain an OGNL expression injection vulnerability: if developers use the %{…} syntax to force OGNL evaluation, certain tag attributes may be evaluated twice (double evaluation). An attacker can exploit this by crafting a malicious OGNL expression, ultimately achieving remote code execution.
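As an added defender-side check (not part of the advisory or the Struts project), the following Python script flags struts2-core jars whose version falls inside the affected range stated above and lists JSP lines where a Struts tag attribute is wrapped in the %{...} forced-evaluation syntax, so they can be reviewed for double evaluation. The jar naming pattern, the attribute regex and the sample inputs are assumptions made for illustration.

```python
import re

# Affected range and fix version as stated in the advisory (S2-061).
AFFECTED_MIN = (2, 0, 0)   # 2.0.0 is the lowest affected release
FIXED = (2, 5, 26)         # 2.5.26 is the first fixed release

def parse_version(text):
    """'2.5.25' -> (2, 5, 25); components beyond the third are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def is_affected(version):
    """True if a struts2-core version falls inside 2.0.0 .. 2.5.25."""
    return AFFECTED_MIN <= parse_version(version) < FIXED

# Maven artifact naming for the Struts core jar, e.g. struts2-core-2.5.25.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")

def affected_jars(paths):
    """Return (path, version) for every struts2-core jar in the affected range."""
    hits = []
    for path in paths:
        m = JAR_RE.search(path)
        if m and is_affected(m.group(1)):
            hits.append((path, m.group(1)))
    return hits

# Heuristic (assumption): a Struts tag attribute wrapped in %{...} is a site of
# forced OGNL evaluation and should be reviewed for double evaluation.
FORCED_OGNL_RE = re.compile(r'<s:\w+[^>]*\b\w+\s*=\s*"%\{[^}]*\}"')

def forced_ognl_attributes(jsp_text):
    """1-based line numbers in a JSP where a tag attribute uses %{...}."""
    return [n for n, line in enumerate(jsp_text.splitlines(), 1)
            if FORCED_OGNL_RE.search(line)]

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_JARS = [
    "/app/WEB-INF/lib/struts2-core-2.5.25.jar",
    "/app/WEB-INF/lib/struts2-core-2.5.26.jar",
    "/app/WEB-INF/lib/ognl-3.1.26.jar",
]
SAMPLE_JSP = """\
<%@ taglib prefix="s" uri="/struts-tags" %>
<s:a id="%{skillName}" href="/skills">link</s:a>
<s:textfield name="skillName" />
<s:property value="%{message}" />
"""
if __name__ == "__main__":
    print("affected jars:", affected_jars(SAMPLE_JARS))
    print("review JSP lines:", forced_ognl_attributes(SAMPLE_JSP))
```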

 

0x02 Remediation Advice

Apache has fixed this vulnerability; it is recommended to update to Struts 2.5.26 or later.

Download link:

https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.26

 

0x03 References

https://cwiki.apache.org/confluence/display/WW/S2-061

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

 

0x04 Timeline

2020-12-08  Apache published a security advisory

2020-12-08  VSRC published a security advisory

 

0x05 Appendix

 

CVSS scoring standard (official site): http://www.first.org/cvss/
